| Name | CVE-2008-5510 |
| Description | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more) |
| References | DSA-1707-1 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| icedove (PTS) | jessie | 1:52.3.0-4~deb8u2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| iceape | source | etch | (unfixed) | end-of-life | ||
| iceape | source | (unstable) | 1.1.14-1 | |||
| icedove | source | (unstable) | 2.0.0.19-1 | |||
| iceweasel | source | etch | 2.0.0.19-0etch1 | DSA-1707-1 | ||
| iceweasel | source | (unstable) | 3.0.5-1 | |||
| xulrunner | source | etch | (unfixed) | end-of-life | ||
| xulrunner | source | (unstable) | 1.9.0.5-1 |
[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
patch will be checked for icedove/iceape/xulrunner by Alexander for next round